CISA
Coverage of CISA in the Nexus archive.
- CISA orders feds to prioritize patching Langflow auth bypass flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch an actively exploited vulnerability in the Langflow visual framework for building AI agents, setting a deadline of Friday.
- CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
CISA added four actively exploited vulnerabilities to its KEV catalog, including a critical path traversal flaw in Adobe ColdFusion (CVE-2026-48282) that could enable arbitrary code execution. The other flaws affect Joomla and Langflow, with all vulnerabilities being actively exploited.
- The Download: your stake in OpenAI, and the Treasury’s AI warning
Sam Altman proposes a 5% government stake in OpenAI, offering $320 per household. The US Treasury compares the AI market to the dotcom bubble, while Samsung reports record profits from AI chips and Illinois enacts a strong frontier AI law.
- SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
CISA added a high-severity remote code execution vulnerability (CVE-2026-45659) in Microsoft SharePoint Server to its Known Exploited Vulnerabilities catalog due to active exploitation. The flaw, rated with a CVSS score of 8.8, stems from deserialization of untrusted data.
- Citrix patches a new NetScaler flaw with echoes of CitrixBleed
Citrix disclosed six vulnerabilities in NetScaler ADC and Gateway, including a high-severity memory disclosure flaw (CVE-2026-8451) linked to the CitrixBleed vulnerability class. Researchers at watchTowr and others identified the flaws, which involve memory management issues and require patching and configuration adjustments to mitigate risks.
- CISA: Windows BlueHammer flaw now exploited by ransomware gangs
CISA confirmed that ransomware gangs are exploiting a Microsoft Defender privilege escalation vulnerability named BlueHammer, which was previously used in zero-day attacks. The flaw allows attackers to escalate privileges, potentially leading to system compromises.
- FBI: Russian hackers now target Signal backup recovery keys
The FBI and CISA warn that Russian intelligence-linked hackers are targeting Signal users through a phishing campaign to steal Backup Recovery Keys, enabling access to historical messages. The campaign has evolved to focus on these keys, which are critical for securing Signal backups.
- CISA sets urgent deadline to fix Cisco flaw exploited in attacks
CISA has issued an urgent deadline for federal agencies to patch a vulnerability in Cisco Unified Communications Manager Server that is currently being exploited in attacks.
- FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys
The FBI and CISA have updated their warning about Russian hackers phishing Signal accounts to obtain backup recovery keys, allowing attackers to access message history and take over accounts. The keys remain valid indefinitely once compromised.
- DHS chief says president has met with potential CISA nominee; agency plans to hire 600
Homeland Security Secretary Markwayne Mullin stated that the president has met with a potential nominee for the CISA director position. The agency plans to hire 600 additional staff once a new director is confirmed. The White House has not yet announced the nominee.
- Why patch directives only go so far
CISA issued an emergency directive for CVE-2026-50751, a critical authentication bypass vulnerability in Check Point Remote Access VPN, after exploitation began in May. Qilin ransomware affiliates exploited the flaw to breach organizations globally, using techniques like Rclone and Tox protocol for data exfiltration and command-and-control. The vulnerability highlights structural flaws in perimeter-dependent security architectures, where compromised security devices inherit trusted authority.
- Open-source security is posing challenges governments can’t easily solve
An increase in cyberattacks on open-source software highlights challenges in securing publicly available code, with experts citing underinvestment and maintenance issues. Governments under different administrations have had mixed impacts, while companies also face criticism for insufficient responsibility. Project Glasswing identified thousands of vulnerabilities in open-source projects, but only a small fraction have been patched.
- Former CISA Director Chris Krebs calls intelligence community's AI warning "pretty alarming"
An international alliance warns that advanced artificial intelligence models could soon overwhelm cybersecurity systems for governments and businesses. Chris Krebs provides analysis on the issue.
- Intel agencies: Frontier AI models will reshape cybersecurity faster than expected
Intelligence agencies from the Five Eyes alliance (US, Canada, UK, Australia, New Zealand) warn that advanced AI models capable of significantly impacting cybersecurity are months away from public availability. These models, including Anthropic's Fable 5 and OpenAI's Daybreak, could transform offensive and defensive cyber capabilities rapidly, exploiting weaknesses like legacy systems and slow patching. The agencies emphasize that older AI models and open-source variants already pose risks, with newer models quickly becoming accessible as development accelerates.
- CISA: Splunk Enterprise flaw actively exploited, patch by Sunday
CISA has urged U.S. federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks.
- CISA warns Fortinet users to secure devices after FortiBleed leak
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Fortinet users to secure their devices following the 'FortiBleed' data leak, which exposed nearly 74,000 firewall and VPN credentials. The incident highlights the need for immediate action to protect affected systems.
- Warner warns of CISA cuts, staffing gaps in letter to acting chief
Warner warned of potential cuts and staffing gaps at CISA in a letter to DHS Secretary Markwayne Mullin, urging the Department of Homeland Security to prioritize the agency and fund the MS-ISAC.
- CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
CISA added a vulnerability in LiteSpeed cPanel Plugin to its KEV catalog, requiring FCEB agencies to fix it by June 18, 2026. The flaw, CVE-2026-54420 (CVSS score 8.5), involves privilege escalation exploited for root access.
- CISA to require federal agencies to patch some cyber vulnerabilities within 3 days
CISA is requiring federal agencies to patch certain cyber vulnerabilities within 3 days. Agencies have 180 days to adopt the new patching timeframe under a directive released Wednesday.
- CISA directive orders agencies to prioritize vulnerability patching in a new way
CISA ordered federal agencies to prioritize vulnerability patching based on four criteria, including public exposure and automation potential. Agencies must adhere to timelines for remediation, with urgent fixes required for vulnerabilities meeting all four criteria. The directive aims to address AI-driven increases in vulnerability discovery and exploitation.
- CISA to transform how it assesses cyber vulnerabilities and risks, Andersen says
CISA will issue a binding operational directive requiring federal agencies to alter their approach to addressing cyber vulnerabilities by prioritizing some and deprioritizing others. The directive aims to transform how cyber risks are assessed.
- CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector
CISA is rethinking risk prioritization for federal and private sectors under acting director Nick Andersen, introducing a binding operational directive for federal agencies. The directive emphasizes risk-based vulnerability management, focusing on internet-exposed assets and CISA's Known Exploited Vulnerabilities (KEV) list, while acknowledging past concepts like Section 9 designations as ineffective.
- CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
CISA has mandated U.S. government agencies to address a critical vulnerability in Check Point Remote Access VPN and Mobile Access deployments, which is being exploited as a zero-day by Qilin ransomware affiliates. The directive requires agencies to secure these systems within three days to mitigate the risk of exploitation.
- Anthropic adviser says it's "not hypothetical" that AI could abet biological weapons risk
Anthropic adviser Ben Buchanan and CBS News contributor Chris Krebs discussed AI regulation and the risk of AI enabling biological weapons during a segment on 'Face the Nation with Margaret Brennan.' The conversation focused on whether the government should regulate AI and the potential dangers of unaddressed AI advancements.
- CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
CISA has added a high-severity denial-of-service vulnerability in SolarWinds Serv-U to its KEV catalog, citing active exploitation. The flaw, CVE-2026-28318 with a CVSS score of 7.5, causes the service to crash.
- CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
CISA warned that hackers are actively exploiting a high-severity SolarWinds Serv-U flaw to crash servers. The vulnerability, recently patched, is being used by attackers to disrupt server operations.
- CISA directive for AI executive order to be released this week, Andersen says
CISA is set to release a binding operational directive related to an AI executive order this week, according to Andersen. The directive will emphasize vulnerability alleviation and management, as stated during Andersen's remarks at the TechNet Cyber conference in Baltimore.
- CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
CISA added a critical remote code execution (RCE) vulnerability in Mirasvit Cache Warmer, a Magento extension, to its KEV catalog due to active exploitation. The flaw, CVE-2026-45247 with a CVSS score of 9.8, involves deserialization of untrusted data.
- CISA warns of cyberattacks targeting fuel tank monitoring systems
CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors.
- DHS chief signals efforts to reshape CISA
DHS chief signals efforts to reshape CISA. Mullin stated CISA needs around 2,800 employees despite a hiring cap of 3,400.
- CISA flags two-year-old Oracle flaw as actively exploited in attacks
CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks.
- Palo Alto VPN bug graduates from advisory to active exploitation
Palo Alto Networks disclosed a critical security flaw, CVE-2026-0257, in PAN-OS GlobalProtect that allows attackers to bypass authentication and gain unauthorized VPN access. Researchers at Rapid7 confirmed active exploitation since May 17, prompting Palo Alto to elevate the severity rating and CISA to add it to its exploited vulnerabilities catalog with a June 1 patch deadline.
- CISA orders feds to patch actively exploited Drupal vulnerability
CISA has directed U.S. federal agencies to patch an SQL injection vulnerability in the Drupal CMS by Wednesday evening, as it is currently being actively exploited. The order emphasizes urgent action to secure government servers against potential attacks.
- Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
CISA has added a critical SQL injection vulnerability (CVE-2026-9082) in Drupal Core to its KEV catalog due to active exploitation. The flaw affects all supported versions of Drupal Core and carries a CVSS score of 6.5.
- CISA to allow researchers to report vulnerabilities to exploited bugs catalog
CISA announced a new nomination form that allows researchers, vendors, and industry partners to report vulnerabilities for inclusion in the Known Exploited Vulnerabilities catalog. This initiative aims to streamline the process of identifying and tracking bugs that are actively being exploited in the wild.
- Lawmakers Demand Answers as CISA Tries to Contain Data Leak
CISA (Cybersecurity and Infrastructure Security Agency) is managing a data breach while lawmakers request transparency and accountability regarding the incident. The data leak has drawn significant congressional attention and scrutiny.
- CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
CISA added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-34291 in Langflow (CVSS 9.4) and a flaw in Trend Micro Apex One. These security flaws have been identified as actively exploited in the wild.
- Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches
Attackers exploited vulnerabilities in over 22,000 breaches analyzed by Verizon, making exploits the top initial access vector, with a surge in exploited vulnerabilities during a one-year period ending in October 2025. Exploited defects accounted for 31% of all known initial access vectors. Ransomware accounted for 48% of all breaches last year, up from 44% in 2024.
- CISA Exposes Secrets, Credentials in 'Private' Repo
The Cybersecurity and Infrastructure Security Agency's GitHub repository was publicly available since November 2025 and contained secrets and credentials despite being named 'Private-CISA'. This exposure is a significant security concern. The agency's mistake has raised questions about its ability to protect sensitive information.
- CISA Admin Leaked AWS GovCloud Keys on GitHub
A CISA administrator leaked AWS GovCloud keys on GitHub, potentially compromising sensitive information. The leak was reported on a security website and discussed on a news forum. The incident highlights the importance of secure key management.